The Heartbleed Bug

A newly-discovered flaw in the protection used by "secure" websites across the Internet, the so-called "Heartbleed" bug, has become a major news story. Some widely-used websites like Yahoo!, Imgur, Eventbrite and OKCupid were vulnerable (many have been patched already).  While there is real cause for concern, you can (and should!) take a few simple steps to protect yourself.
  1. Make a list of web accounts you use where security matters: email (first and foremost), banking, credit cards, backup (e.g. Mozy, Carbonite, iCloud), file storage (Dropbox, Evernote), e-commerce (PayPal, Venmo) health information, etc.
  2. Check if those sites are vulnerable to the Heartbleed bug here (see safe list below).
  3. Change your password for each site IF the site is patched or shows as not vulnerable. (I know it's a pain, but better safe than sorry). DO NOT USE THE SAME PASSWORD
  4. Keep a close eye on financial statements for any unauthorized activity.

>>If the site is still vulnerable, WAIT to change your password
until the site is secure.<<
The following major sites have already been patched or were probably not vulnerable, so you can skip step 2:

  • Gmail/Google/Youtube
  • Yahoo!
  • Facebook
  • Dropbox
  • Mozy
  • Hotmail
  • Citibank
  • Chase
  • iCloud

As always, let us know if you have questions.